[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[cobalt-security] just a question . . .
- Subject: [cobalt-security] just a question . . .
- From: "Fragga" <fragga@xxxxxxxxxxxx>
- Date: Mon, 11 Feb 2002 10:11:46 -0600
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
hello all. . .
firstly, thanks for all your responses regarding the apache admin server
runnig as root issue.
guess i`ll just have to live with it regarding that.
secondly i wonder if u can answer a question regarding http connections,
i normally cron a job to run each hour which mails me a few logs and the
output
of an netstat -at | grep www . sometimes however i seem to get web
conections
where apache has opened multiple ports for. I know that it juggles it onto a
different
port when it receives a connection but i get multiples similar to the output
of
<snip>
...........
tcp 0 0 hostname.net:www 194.200.***.***:47144 TIME_WAIT
tcp 0 0 hostname.net:www 194.200.***.***:46442 TIME_WAIT
tcp 0 0 hostname.net:www 194.200.***.***:46427 TIME_WAIT
tcp 0 0 hostname.net:www 194.200.***.***:46424 TIME_WAIT
tcp 0 0 hostname.net:www 194.200.***.***:46423 TIME_WAIT
tcp 0 0 hostname.net:www 194.200.***.***:46407 TIME_WAIT
tcp 0 0 hostname.net:www 194.200.***.***:46402 TIME_WAIT
tcp 0 0 hostname.net:www 194.200.***.***:46398 TIME_WAIT
tcp 0 0 hostname.net:www 194.200.***.***:46320 TIME_WAIT
tcp 0 0 hostname.net:www 194.200.***.***:46319 TIME_WAIT
tcp 0 0 hostname.net:www 194.200.***.***:46318 TIME_WAIT
tcp 0 0 hostname.net:www 194.200.***.***:46291 TIME_WAIT
tcp 0 0 hostname.net:www 194.200.***.***:46269 TIME_WAIT
............ and goes on and on . . . .
</snip> ( shortened for the sake of boredom )
seems strange that sometimes it has so many connections open. . .
can anyone shed any light on this ? i though that maybe this would
be the start of a SYN flood trying to determine sequence numbers etc
or possibly some sort of nmap scan however its puzzling as its only
connected to HTTP. Apologies if this is standard TCP / IP Practice i
was just wondering.
any ideas ?
cheers
fragga